Ph.D Student | Paskin-Cherniavsky Anat |
---|---|

Subject | Secure Computation with Minimal Interaction |

Department | Department of Computer Science |

Supervisors | Professor Yuval Ishai |

Professor Eyal Kushilevitz | |

Full Thesis text |

In the problem
of *secure multiparty computation* (MPC) we have *n* parties who want
to jointly evaluate a function *f* on their local inputs. An MPC protocol
should allow the parties to correctly compute *f* while hiding the inputs
from each other to the extent possible. An important complexity measure of MPC
protocols is their round complexity. In this thesis, we study a few questions
related to the goal of minimizing the round complexity of MPC.

**2-round
MPC. **We study the possibility of MPC with only two rounds of interaction
in the case that an honest majority is assumed. We obtain several positive
results which complement previous negative results in the area.

**On
constant-round unconditional MPC. **We show that a common general technique
for constructing such protocols can apply only to functions *f* in the
class NC (that is, functions efficiently computable in parallel).

Many previous
constant-round protocols relied on efficient representations of functions by
low-degree* randomizing polynomials*. In most of these representations,
the degree in the randomness is at most 2 and the degree in the input is
constant. We show that any function *f* which has an efficient
representation with such degree constraints must be in NC.

On the flip side, this negative result provides an avenue for obtaining new parallel algorithms via the construction of randomizing polynomials. We provide several examples for the potential usefulness of this approach.

**Computing
on encrypted data.** We present a 2-message two-party protocol for
evaluating branching programs such that the communication complexity depends
only on the *length* of the branching program and not on its size. This
protocol implies an encryption scheme which supports an efficient evaluation of
bounded-length branching programs on encrypted data. Subsequently to our work,
a more general result (allowing to evaluate arbitrary *circuits* on
encrypted data) was given in a breakthrough result of Gentry. However, our
protocol is simpler, relies on a different intractability assumption, and can
be more easily modified to offer protection against malicious parties.